Ftp Disable RootLogin

From QNAPedia
Jump to navigation Jump to search

This topic explains how to load a modified proftpd.conf file at NAS startup to disable availability of login with root/admin account on the FTP server.


Skills required

Being able to connect to NAS via ssh (e.g use PuTTY)
Being able to edit files with vi

Prerequisites

Check the following page to create the autorun.sh script :
Running_Your_Own_Application_at_Startup

Using Method #3 is recommended to do next steps

How To

Login to your NAS via SSH and do the next steps.

Edit proftpd.conf

1.  Make a copy of your proftpd.conf file :

cp /etc/config/proftpd.conf /etc/config/proftpd.conf.sec

2.  Edit the copy with vi (type "i" to switch to edit mode)

vi /etc/config/proftpd.conf.sec
ServerName     "ProFTPD"
ServerType     standalone
DefaultServer  on
RootLogin      on

On line "RootLogin" change "on" with "off" and save the file (use "esc" key and type ":wq")

ServerName     "ProFTPD"
ServerType     standalone
DefaultServer  on
RootLogin      off

Edit autorun.sh


1. Edit your autorun.sh (path names according to Method #3 of Running Your Own Application at Startup)

vi /share/HDA_DATA/.qpkg/autorun/autorun.sh

2.  Paste the following lines in vi (type "i" to switch to edit mode)

#!/bin/sh
cp /etc/config/proftpd.conf.sec /etc/config/proftpd.conf
/etc/init.d/ftp.sh reconfig


Then, save the file (use "esc" key and type ":wq")


Now, at each NAS startup, the FTP server will use your proftpd.conf.sec configuration file and will protect your server against root/admin logins.

If you require root/admin rights when using your FTP server, consider using another user with same rights and a strong password.